what do you think about Biometrie

Matthias Bruestle mlist@mbsks.franken.de
Tue Sep 3 14:12:04 2002


Mahlzeit


On Tue, Sep 03, 2002 at 12:47:16PM +0200, Patrick Tchoquessi wrote:
> biometric is not only thumbprint (it may be iris scan etc...)
> and the actually stand of the technology base on lifely recognisation,

Making sure "lifely recognisation" is only possible by the person who
provides the biometric device by providing the appropriate scanner and
making sure that it is used in the appropriate way. To stay now at the
thumbprint, it should generate in a unique way a key for GnuPG. This
algorithm can be run on a computer using a thumbprint from a glass inside
a computer without any scanner attached to it. If the algorithm wants to
know if it is from a live sample you just tell it yes, because it can't
verify it. It is just software. Now to the other biometric systems. Iris
can be scanned from a distance. And for things like retina, these can
either be forcefully scanned or you can be tricked into making a scan. And
when retina scanners/etc. are in widespread use, you also leave your
retina scan everywhere, like the thumbprint. Then you give automagically
your key to your employee, your bank, police, ... And as already written
here you can't change the key if it gets "stolen".

What does make more sense for biometric applications is authentication.
It is often more convenient (for the people it does work for) than other
things, but it has also disadvantages. One possible way to use biometric
authentication together with GnuPG could be to use a thumbprint as
authentication towards your smart card containing your keys. There is
a product from REINER SCT which combines data from the thumbprint and
some other random but static sources to generate a key which is used to
encrypt the PIN for the card. This is also an encryption key generated
from a thumbprint, but it is useless without the token and the encrypted
PIN. And there are also at least plans for on-card fingerprint matching.
An ISO/IEC draft exists for this and maybe there are already cards that
do this.

> I don't expect to get more security but only more convenience

Then you probably don't need GnuPG.


Mahlzeit
endergone Zwiebeltuete
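
Added illustration, not part of the original message and not REINER SCT's actual design: a sketch contrasting a key derived from the thumbprint alone with one that also mixes in static random data held on the device and is used only to wrap the card PIN. It assumes an exactly reproducible template (real scans are noisy), and the function names, the sample template and the HMAC-based wrapping (a standard-library stand-in for an authenticated cipher) are all assumptions.

```python
import hashlib, hmac, secrets

def key_from_print(template: bytes) -> bytes:
    """Key derived from the biometric alone: anyone holding a copy of the
    template (a lifted print, a stored scan) computes the same key."""
    return hashlib.pbkdf2_hmac("sha256", template, b"print-only", 100_000)

def key_from_print_and_device(template: bytes, device_secret: bytes) -> bytes:
    """Key bound to static random data that exists only on the device."""
    return hashlib.pbkdf2_hmac("sha256", template, device_secret, 100_000)

def _pad(key: bytes, nonce: bytes, n: int) -> bytes:
    # One-block keystream, enough for a short PIN (illustrative stand-in).
    return hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()[:n]

def wrap_pin(key: bytes, pin: bytes) -> bytes:
    if len(pin) > 32:
        raise ValueError("PIN too long for the one-block keystream")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pin, _pad(key, nonce, len(pin))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap_pin(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong print or wrong device secret
    return bytes(a ^ b for a, b in zip(ct, _pad(key, nonce, len(ct))))

def demo():
    template = b"constructed-minutiae-template"  # constructed sample data
    copied = bytes(template)                     # a copy taken elsewhere
    device_secret = secrets.token_bytes(32)      # stays on the token/reader
    owner_key = key_from_print_and_device(template, device_secret)
    blob = wrap_pin(owner_key, b"493817")        # constructed PIN
    other_device = secrets.token_bytes(32)       # copy used without the token
    return {
        "print_only_key_reproducible":
            key_from_print(copied) == key_from_print(template),
        "owner": unwrap_pin(owner_key, blob),
        "copy_without_device":
            unwrap_pin(key_from_print_and_device(copied, other_device), blob),
    }

if __name__ == "__main__":
    print(demo())
```
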